[PATCH 11/15] crypto: Use "development" keys for "fit" and "tlv" keyring
Ahmad Fatoum
a.fatoum at pengutronix.de
Wed Oct 22 03:02:21 PDT 2025
On 10/14/25 1:03 PM, Jonas Rebmann wrote:
> All users of the CONFIG_CRYPTO_PUBLIC_KEYS feature should update to the
> new syntax making keyring selection mandatory.
>
> Instead of just making the addition of the builtin snakeoil keys
> explicit for the "fit" key, also add them to the "tlv" key to use them
> as a testing set for TLV keys too.
>
> Signed-off-by: Jonas Rebmann <jre at pengutronix.de>
> ---
> crypto/Makefile | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/crypto/Makefile b/crypto/Makefile
> index 08b9a46e4c..076ba4f686 100644
> --- a/crypto/Makefile
> +++ b/crypto/Makefile
> @@ -33,10 +33,12 @@ CONFIG_CRYPTO_PUBLIC_KEYS := $(foreach d,$(CONFIG_CRYPTO_PUBLIC_KEYS),"$(d)")
>
> ifdef CONFIG_CRYPTO_BUILTIN_DEVELOPMENT_KEYS
> ifdef CONFIG_CRYPTO_RSA
> -CONFIG_CRYPTO_PUBLIC_KEYS += rsa-devel:$(srctree)/crypto/fit-4096-development.crt
> +CONFIG_CRYPTO_PUBLIC_KEYS += keyring=fit,fit-hint=rsa-devel:$(srctree)/crypto/fit-4096-development.crt
> +CONFIG_CRYPTO_PUBLIC_KEYS += keyring=tlv:$(srctree)/crypto/fit-4096-development.crt
> endif
> ifdef CONFIG_CRYPTO_ECDSA
> -CONFIG_CRYPTO_PUBLIC_KEYS += ecdsa-devel:$(srctree)/crypto/fit-ecdsa-development.crt
> +CONFIG_CRYPTO_PUBLIC_KEYS += keyring=fit,fit-hint=ecdsa-devel:$(srctree)/crypto/fit-ecdsa-development.crt
> +CONFIG_CRYPTO_PUBLIC_KEYS += keyring=tlv:$(srctree)/crypto/fit-ecdsa-development.crt
We don't want people to overload tlv and instead use their own keyring
names. This is already too late for fit, but for this, let's call it
tlv-example?
Cheers,
Ahmad
> endif
> endif
>
>
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
More information about the barebox
mailing list